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DETAILED ACTION 

1. This action is responsive to communication: amendment filed 21 December 2005 with 
recognition of the original application was filed on 1 December 2000 with a continuing 
application priority date of 09 May 2000. 

2. Claims 55-105 are currently pending in this application. Claim 55, 68, 72, 79, 91, 95, 
102, 104, and 105 are independent claims. Claims 55, 71, 79, 94, 102 have been amended, 
amendments to the claims accepted. 

Response to Arguments 

3. Applicant's arguments with respect to claims 55-105 have been considered but are moot 
in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections "set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

5. Claims 55-57, 59-64, 66-71, 79-81, 83-87, 89, 90-94, and 102-104, are rejected under 
35 U.S.C. 103(a) as being unpatentable over Hunt et al. U.S. Patent No. 6,496,855 
(hereinafter '855) in view of Dan et al. U.S. Patent No. 6,560,639 (hereinafter '639). 

As to independent claim 55, "A computer-implemented method for privacy 
management, comprising:" is taught in '855 col. 1, lines 55 through col. 2, line 17; 
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"providing a linked collection of Web pages, comprising at least first and second 
Web pages, on a Web site maintained by an enterprise, so as to enable a user to exchange 
information with the enterprise via the Web pages" is shown in c 855 col. 5, lines 20-33 (i.e. 
"pages" same as "forms"); 

"providing to the user accessing the first and second Web pages the respective 
privacy policies for the first and second Web page" is taught in '855 col. 6, line 53 through 
col. 7, line 31; 

"and exchanging the information with the user via the Web site subject to the non- 
uniform privacy policies, such that at least a first portion of the information is exchanged 
via the first Web page subject to the first privacy policy, and at least a second portion of 
the information is exchanged via the second Web page subject to the second privacy policy" 

is shown in '855 col. 9, lines 16-45. 
the following is not taught in '855: 

"assigning, by the enterprise respective, non-uniform privacy policies to at least 
some of the Web pages regarding use of the information that is exchanged through the 
Web pages, the privacy policies comprising at least a first privacy policy assigned to the 
first Web page and a second, different privacy policy assigned to the second Web page" 

however '639 teaches "The front end daemon may include a page manager for creating new web 
pages, modifying existing web pages with available web page attributes, and/or tying the web 
pages to web site architecture and navigation. The page manager may be capable of listing, via a 
page panel, every web page in hierarchical order or other arrangement. The page manager may 
provide a form for updating content of a selected, listed web page, adding a new web page, 
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viewing the selected, listed web page, deleting the selected, listed web page, and/or cloning the 
selected, listed web page . . . The front end daemon may include an optional forum manager. The 
forum manager may create, attach and/or manage one or more interactive posting environments. 
The front end daemon may include an optional help manager. The front end daemon may 
include an optional object manager for creating and/or modifying a definition of an object and/or 
an instance of the object. The object may include a global object applicable to an entire server, 
network and/or web site, a page-specific object applicable to a user-specified page, graphic 
and/or web page and a widget being user-designed and applicable to the entire site, network or 
web site and/or the user-specified page depending upon user determination" in col. 4, lines 6-63. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '855, a Web site registration proxy system to recognize that web sites 
establish their own privacy policies with respect to individual web pages. One of ordinary skill 
in the art would have been motivated to perform such a modifications to store user information 
(see '639 col. 2, lines 59 et seq.). "The web site management system may optionally include a 
database having a directory structure associating each page or web page of a site or web site with 
attributes thereof. The system may optionally include a server-side front end daemon 
communicatable with the web server and the database. The server-side front end or other part of 
the system may identify the attributes of any user-changed page or web page and/or store the 
attributes of any user-changed page or web page in the database". 
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As to dependent claim 56, "wherein exchanging the information with the user 
comprises receiving private information submitted to the enterprise by the user" is 
disclosed in '855 col. 7, lines 38-61. 

As to dependent claim 57, "wherein receiving the private information comprises 
receiving the user's agreement to at least one of the privacy policies, and recording the 
private information together with an indication of the at least one of the privacy policies 
agreed upon" is taught in '855 col. 7, line 62 through col. 8, line 9. 

As to dependent claim 59, "wherein providing the linked collection of Web pages 
comprises arranging the Web pages in a hierarchy of nodes that comprises a root node, 
such that each of the nodes except for the root node has a parent node in the hierarchy, and 
wherein assigning the privacy policies comprises assigning to each of at least some of the 
nodes, including the nodes associated with the first and second Web pages, one or more 
respective privacy rules regarding use of the information that is associated with the nodes, 
and setting for each of the nodes a node privacy policy that comprises the privacy rules 
assigned to the node combined, for each of the nodes except the root node, with the node 
privacy policy of its parent node" is disclosed in '855 col. 7, lines 1-65. 

As to dependent claim 60, "wherein providing the respective privacy policies 
comprises informing the user who has exchanged the information associated with the first 
Web page subject to the first privacy policy of a difference in the second privacy policy 
relative to the first privacy policy before exchanging the information associated with the 
second Web page" is taught in '855 col. 5, lines 44-45. 



Application/Control Number: 09/728,661 Page 6 

Art Unit: 2134 

As to dependent claim 61, "wherein assigning the non-uniform privacy policies 
comprises assigning an initial privacy policy to the first Web page, and subsequently 
making a change in the initial privacy policy so as to assign a modified privacy policy to the 
first Web page, and wherein providing the privacy policies to the user comprises informing 
the user who has exchanged information with the first Web page subject to the initial 
privacy policy of the change" is shown in '855 col. 3, lines 52-67. 

As to dependent claim 62, "wherein informing the user comprises prompting the 
user to provide an input to indicate whether the user accepts or rejects the change" is 
disclosed in '855 col. 5, lines 44-45.. 

As to dependent claim 63, "wherein assigning the privacy policies comprises storing 
the privacy policies in a computer server belonging to the enterprise, and wherein 
providing the privacy policies to the user comprises intercepting a request by the user to 
access the first Web page and providing the first privacy policy to the user responsive to 
the request" is shown in £ 855 col. 2, lines 6-33. 

As to dependent claim 64, "wherein providing the privacy policies comprises 
conveying the policies in a standard form for presentation by a Web browser" is taught in 
'855 col. 5, line 55 through col. 6, line 5. 

As to dependent claim 66, "wherein assigning the non-uniform privacy policies 
comprises determining a rating for each of the policies based on a predetermined rating 
scale" is shown in ' 85 5 col. 6, lines 44-64. 

As to dependent claim 67, "wherein assigning the non-uniform privacy policies 
comprises defining first and second user classes and defining, for a given one of the Web 
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pages, different first and second class privacy policies, respectively, for the first and second 
user classes, and wherein providing the privacy policies to the user comprises determining 
whether the user belongs to the first or second class, and providing the first or the second 
class privacy policy accordingly" is disclosed in '855 col. 7, lines 52-65. 

As to independent claim 68, "A computer-implemented method for privacy 
management, comprising:" is taught in '855 col. 1, lines 55 through col. 2, line 17; 

"arranging a body of information in a hierarchy of nodes that comprises a root 
node, such that each of the nodes except for the root node has one or more ancestor nodes 
in the hierarchy" is shown in col. 6, line 44 through col. 7, line 1 1; (i.e. "body of information" 
same as "user profile", "root node" same as "core profile", "ancestor nodes" same as "site 
specific profile") 

"assigning to each of at least some of the nodes one or more respective privacy rules, 
regarding use of the information that is associated with the node" is disclosed in £ 855 col. 7, 
lines 62-65; 

"receiving a request from a user to access a given node" is taught in '855 col. 5, lines 

51-55; 

"computing a node privacy policy for the given node by combining the privacy rules 
assigned to the given node with node privacy policies of the ancestor nodes of the given 
node in the hierarchy" is shown in '855 col. 6, lines 6-43; 

"providing the computed node privacy policy to the user; and exchanging with the 
user at least a portion of the information that is associated with the given node subject to 
the provided privacy policy" is disclosed in '855 is disclosed in '855 col. 6, lines 44-67. 
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As to dependent claim 69, this claim is substantially similar to dependent claims 56; 
therefore it is rejected along similar rationale. 

As to dependent claim 70, "wherein arranging the body of information comprises 
associating the nodes with respective Web pages accessible through a Web site" is shown in 
'855 col. 5, lines 20-33 (i.e. "pages" same as "forms"); 

As to dependent claim 71, "wherein assigning the respective privacy rules comprises 
representing the privacy rules assigned to each of the at least some of the nodes as 
respective policy sections, which are written in an extensible markup language (XML) and 
comprise an attribute identifying a parent node in the hierarchy" is disclosed in '855 col. 5, 
line 55 through col. 6, line 5 and '639 col. 20, lines 17-31. 

As to independent claim 79, this claim is directed to the apparatus for the method of % 
claim 55; therefore it is rejected along similar rationale. 

As to dependent claims 80, 81, 83-87, 89, and 90, these claims are substantially 
similar to dependent claims 56, 57, 59-64, 66, and 67; therefore they are rejected along 
similar rationale. 

As to independent claim 91, this claim is directed to the apparatus for the method of 
claim 68; therefore it is rejected along similar rationale. 

As to dependent claims 92-94, these claims are substantially similar to dependent claims 
69-71; therefore they are rejected along similar rationale. 

As to independent claim 102, this claim is directed to the software program for the 
method of claim 55; therefore it is rejected along similar rationale. 



Application/Control Number: 09/728,661 Page 9 

Art Unit: 2134 

As to dependent claims 103, this claim is substantially similar to dependent claim 57; 
therefore it is rejected along similar rationale. 

As to independent claim 104, this claim is directed to the software program for the 
method of claim 68; therefore it is rejected along similar rationale. 

6. Claims 58, 65, 82, 88 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
'855 in view of c 639 in further view of Itabashi et al. U.S. Patent No. 6,308,203 
(hereinafter '203). 

As to dependent claim 58, "querying the application to determine its compliance 
with the at least one of the privacy policies subject to which the requested information was 
received; and providing the requested information subject to the compliance of the 
application with the at least one of the privacy policies" is taught in '855 col. 6, lines 6-14 
"Any system for submitting data to a site on behalf of a user will need certain information about 
the site and its form system, which is termed Site Data Requirements (SDR) ... and needs to 
include at least some of the following information ... 2. what are the site's data privacy policies? 
Is there any relevant third party auditing or accreditation"; 

the following is not taught in '855: "and comprising: intercepting a request from D an 
application to use the private information received from the user" however '203 teaches 
"The information processing apparatus of still another embodiment of the present invention 
further comprises a detection means . . . The information processing apparatus of still yet another 
embodiment of the present invention further comprises another detection means ... for detecting 
unauthorized access to the personal information ... An information processing apparatus of still 
further embodiment of the present invention comprises an access means (for example, step S21 
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shown in FIG. 4) for accessing an information processing device of an information provider 
through a server and a control means (for example, step S27 shown in FIG. 4) for controlling the 
provision by the server of personal information stored in a storage means to the information 
processing device of the information provider on behalf of a user when a request for the personal 
information comes from the information processing device of the information provider" in col. 4, 
lines 30-53. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '855, a Web site registration proxy system to include the use of P3P 
format as well as a means to intercept requests. One of ordinary skill in the art would have been 
motivated to perform such a modifications to place emphasis on mobility and low (see £ 203 col. 
1, lines 49 et seq. and col. 2, lines 36 et seq.). "In addition, a mobile terminal device for 
accessing information or service providers from outside the home is generally designed with 
emphasis placed on mobility and low cost and therefore is. inferior in capability ... In carrying out 
the invention and according to yet another aspect thereof, there is provided an information 
processing apparatus comprising: an access means for accessing the information processing 
device of the information provider through the server; and a control means for controlling the 
provision of the personal information stored in the storage means to the information processing 
device of the information provider by the server on behalf of any of the plurality of users" . 

As to dependent claim 65, "wherein the standard form comprises a form specified 
by the Platform for Privacy Preferences Project (P3P)" is shown in '203 col. 5, lines 24-28 
"The computer group has at least a proxy device 109, a user profile database 1 10 storing 
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personal information of plural users, and a user agent (UA) 1 1 1 of P3P (Platform for Privacy 
Preference Project) as a computer program, thereby realizing a proxy agent service capability for 
providing personal information". 

As to dependent claims 82 and 88; these claims are substantially similar to 58 and 65; 
therefore they are rejected along similar rationale. 

7. Claims 72-78, 95-101, and 105, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over '855 in view of '639 in further view of Itabashi et al. U.S. Patent No. 
6,308,203 (hereinafter '203). 

As to independent claim 72, "A computer-implemented method for privacy 
management, comprising:" is taught in '855 col. 1, lines 55 through col. 2, line 17 "According 
to a first aspect of the present invention, in an arrangement comprising at least one computer 
network connecting at least one personal computer being associated with at least one user, a 
method for managing the registration of the user with the at least one service computer, the 
method comprising the steps of: gathering registration data for the at least one service computer; 
storing the registration data in at least one data structure on at least one registration agent 
computer connected to the computer network; gathering personal data for the user; storing at 
least part of the personal data in at lest one data structure on at least one registration agent 
computer connected to the computer network; and in response to a request from the user to 
registration agent computer connected to the computer network to register the user"; 

"at least some of the resources having privacy policies associated there with 
regarding use of the information that is exchanged through the resources" is disclosed in 
'855 col. 7, lines 52-65 "The information may be grouped into different categories ... For each 
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information group, the user chooses an information policy, which tells the registration agent site 
10 when and to whom the information in that category can be given out"; 

"upon receiving the request from the application, querying the application to 
determine compliance of the application with the privacy policies subject to which the 
requested information was received; and providing the requested information to the 
application subject to the compliance of the application with the privacy policies" is taught 
in '855 col. 6, lines 6-14 "Any system for submitting data to a site on behalf of a user will need 
certain information about the site and its form system, which is termed Site Data Requirements 
(SDR) . . . and needs to include at least some of the following information ... 2. what are the 
site's data privacy policies? Is there any relevant third party auditing or accreditation"; 

"receiving information from users who access the resources subject to the privacy 
policies" is shown in col. 9, lines 16-45 "An important aspect of the present invention is that it is 
possible for the user to specify a privacy policy"; 
the following is not taught in '855: 

"providing a linked collection of interactive resources through which a user is able 
to exchange information with an enterprise that provides the resources" however '639 
teaches " By way of example, the web management system 30 may maintain all of the different 
components, attributes, or meta-data of a web page in the database 50, at an ISP 25. For example, 
the web management system 30 is a comprehensive server-side web management system. It may 
maintain meta-data about every page and object in the system to generate and manage the web 
site optimally. It may also manage all assets, such as, pictures, marketing material, PDF file 
formats and/or internal resources ... In view of above, an illustrative, general method of 
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operation of the instant web management system 30 may be shown, by way of example, in FIG. 
3, and as described, hereinbelow. In Step S10, whether the user has requested a web page 

* 

attributes form from the front end daemon 35 via the web server 20 is determined. If not, Step 
S10 may be repeated. In Step S20, the front end daemon 35 reads the database 50 associating 
web page attributes and web pages in a given web site and sends the requested form having the 
attribute associations to the user via the web server 20 and the user's web browser 10. In Step 
S30, whether the user has edited the requested form and submitted same to the front end daemon 
35 via the web server 20 is determined. If not, Step S30 may be repeated. In Step S40, whether 
the user is authorized to make the proposed edits. If not, Step S10, for example, may be 
performed. In Step S50, the front end daemon 35 enters the user's changes to the web site to the 
database 50. In Step S60, the front end daemon 35 calls the back end daemon 40 to parse the 
edited web page or all of the web pages in the web site and cache same in the file system 45. In 
Step S70, the user, via the web server 10, reads the edited, cached web page from the file system 
45. Step S10, for example, is then performed " in col. 1 1, line 16 through col. 12, line 34; 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '855, a Web site registration proxy system to include the use of P3P 
format as well as a means to intercept requests. One of ordinary skill in the art would have been 
motivated to perform such a modifications to place emphasis on mobility and low (see '203 col. 
1, lines 49 et seq. and col. 2, lines 36 et seq.). "In addition, a mobile terminal device for 
accessing information or service providers from outside the home is generally designed with 
emphasis placed on mobility and low cost and therefore is inferior in capability ... In carrying out 
the invention and according to yet another aspect thereof, there is provided an information 
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processing apparatus comprising: an access means for accessing the information processing 
device of the information provider through the server; and a control means for controlling the 
provision of the personal information stored in the storage means to the information processing 
device of the information provider by the server on behalf of any of the plurality of users" . 

the following is not taught in '855 an '639: "intercepting a request from an application to use 
the information received from the users; however '203 teaches "The information processing 
apparatus of still another embodiment of the present invention further comprises a detection 
means . . . The information processing apparatus of still yet another embodiment of the present 
invention further comprises another detection means ... for detecting unauthorized access to the 
personal information ... An information processing apparatus of still further embodiment of the 
present invention comprises an access means (for example, step S21 shown in FIG. 4) for 
accessing an information processing device of an information provider through a server and a 
control means (for example, step S27 shown in FIG. 4) for controlling the provision by the server 
of personal information stored in a storage means to the information processing device of the 
information provider on behalf of a user when a request for the personal information comes from 
the information processing device of the information provider" in col. 4, lines 30-53. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '855 and '639, a Web site registration proxy system to include the use 
of P3P format as well as a means to intercept requests. One of ordinary skill in the art would 
have been motivated to perform such a modifications to place emphasis on mobility and low cost 
(see '203 col. 1, lines 49 et seq. and col. 2, lines 36 et seq.). "In addition, a mobile terminal 
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device for accessing information or service providers from outside the home is generally 
designed with emphasis placed on mobility and low cost and therefore is inferior in capability ... 
In carrying out the invention and according to yet another aspect thereof, there is provided an 
information processing apparatus comprising: an access means for accessing the information 
processing device of the information provider through the server; and a control means for 
controlling the provision of the personal information stored in the storage means to the 
information processing device of the information provider by the server on behalf of any of the 
plurality of users" . 

As to dependent claim 73, "wherein the collection of interactive resources comprises 
a collection of Web pages accessible through a Web site of the enterprise" is shown in '855 
col. 5, lines 20-33 (i.e. "pages" same as "forms") "Each website that is affiliated with the 
registration agent site is represented in a registration profile database 13 where details of the site 
registration requirements, including the registration forms used by the website, are stored". 

As to dependent claim 74, "wherein providing the linked collection of resources 
comprises associating non-uniform privacy policies with the resources, and wherein 
receiving the information comprises receiving and storing different items of the 
information subject to different privacy rules from among the non-uniform privacy 
policies" is disclosed in '855 col. 7, lines 1-65 "a core profile which is a set of data fields 
required by more than one site. Users can have more than one set of core profile data which 
allows them to maintain a set of different "personalities", for example one for work address and 
one for a home address. Other personal data can be stored in site-specific user profiles forming 
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part of the user profile structure. These may consist of data which the user has supplied to a 
, particular site, but which is not used for other sites. Examples include a user name and password 
for site, or preference data specific to one* site ... The information may be grouped into different 
categories for example". 

As to dependent claim 75, "wherein providing the requested information comprises 
checking the compliance of the application with the privacy rules respectively applicable to 
each of the items of the information requested by the application" is taught in '855 col. 6, 
lines 6-14 "Any system for submitting data to a site on behalf of a user will need certain 
information about the site and its form system, which is termed Site Data Requirements (SDR) 
. . . and needs to include at least some of the following information ... 2. what are the site's data 
privacy policies? Is there any relevant third party auditing or accreditation"; 

As to dependent claim 76, "wherein providing the requested information comprises 
determining that the application does not comply with the rules respectively applicable to a 
given item of the information, and refusing to provide the requested information with 
respect to the given item, while providing other information with respect to which the 
application does comply with the respectively applicable rules" is shown in '855 col. 3, lines 
61-67 and col. 5, lines 44-45 "identifying and resolving conflicts between the user's privacy 
preferences and the site' s policies" 

As to dependent claim 77, "wherein receiving the information comprises receiving 
the information from first and second users subject to respective first and second privacy 
policies, and wherein providing the requested information comprises checking the 
compliance of the application with both the first and the second privacy policies 9 ' is taught 
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in '855 col. 6, lines 6-14 "Any system for submitting data to a site on behalf of a user will need 
certain information about the site and its form system, which is termed Site Data Requirements 
(SDR) . . . and needs to include at least some of the following information ... 2. what are the 
site's data privacy policies? Is there any relevant third party auditing or accreditation". 

As to dependent claim 78, "and comprising making a record of the request and of 
the information provided responsive thereto in a log for review in a subsequent privacy 
audit" is taught in '855 col. 7, line 62 through col. 8, line 9 "For each information group, the 
user chooses and information policy, which tells the registration agent site 10 when and to whom 
the information in that category can be given out . . . The user can choose the circumstances 
under which the data they tag as yellow can be given to sites they register with. For example, the 
user may specify that the site must have certain data handling policies in place and perhaps that 
theses policies must be verified by an independent agency". 

As to independent claim 95, this claim is directed to the apparatus for the method of 
claim 72; therefore it is rejected along similar rationale. 

As to dependent claims 96-101 these claims are substantially similar to dependent 
claims 73-78; therefore they are rejected along similar rationale* 

As to independent claim 105, this claim is directed to the software program for the 
method of claim 72; therefore it is rejected along similar rationale. 

Conclusion 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:00 am to 2:30 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques H. Louis- Jacques can be reached on (571) 272-6962. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 
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may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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